Bug 889429 - (CVE-2014-3560) VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid
(CVE-2014-3560)
VUL-0: CVE-2014-3560: samba: Samba4 unstrcpy macro length is invalid
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All openSUSE 13.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-29 18:19 UTC by Lars Müller
Modified: 2014-09-01 09:57 UTC (History)
3 users (show)

See Also:
Found By: Community User
Services Priority:
Business Priority:
Blocker: No
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Müller 2014-07-29 18:19:52 UTC
embargoed via https://bugzilla.samba.org/show_bug.cgi?id=10735

CRD is 2014-08-01

We have Samba 4.1.9 currently only in openSUSE 13.1 as a released product.

Karolin Seeger drafted the advisory:

===========================================================
== Subject:     Remote code execution in nmbd
==
== CVE ID#:     CVE-2014-3560
==
== Versions:    Samba 4.0.0 to 4.1.9
==
== Summary:     Samba 4.0.0 to 4.1.9 are affected by a
==              remote code execution attack on
==		unauthenticated nmbd NetBIOS name services.
==
===========================================================

===========
Description
===========

All current versions of Samba 4.x.x are vulnerable to a remote code
execution vulnerability in the nmbd NetBIOS name services daemon.

A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
releases to correct the defect. Patches against older Samba versions
are available at http://samba.org/samba/patches/. Samba vendors and
administrators running affected versions are advised to upgrade or
apply the patch as soon as possible.

==========
Workaround
==========

Do not run nmbd, the NetBIOS name services daemon.

=======
Credits
=======

This problem was found and the fix provided by Volker Lendecke, a
Samba Team member working for SerNet <vl@sernet.de>
https://www.sernet.de.
Comment 1 Swamp Workflow Management 2014-07-30 22:00:13 UTC
bugbot adjusting priority
Comment 3 Lars Müller 2014-08-03 14:17:56 UTC
https://build.opensuse.org/request/show/243457  openSUSE 13.1  talloc
https://build.opensuse.org/request/show/243458  openSUSE 13.1  tdb
https://build.opensuse.org/request/show/243459  openSUSE 13.1  tevent
https://build.opensuse.org/request/show/243460  openSUSE 13.1  ldb
https://build.opensuse.org/request/show/243461  openSUSE 13.1  samba

Samba 4.1.11 requires ldb 1.1.17 which requires the version updates of talloc, tdb, and tevent.
Comment 4 Swamp Workflow Management 2014-08-20 17:05:37 UTC
openSUSE-SU-2014:1040-1: An update that solves one vulnerability and has 5 fixes is now available.

Category: security (moderate)
Bug References: 865627,884056,889429,889539,890005,890008
CVE References: CVE-2014-3560
Sources used:
openSUSE 13.1 (src):    ldb-1.1.17-3.4.1, samba-4.1.11-3.26.1, talloc-2.1.1-7.4.1, tdb-1.3.0-4.4.1, tevent-0.9.21-4.4.1
Comment 5 Marcus Meissner 2014-09-01 09:57:59 UTC
was released